libmcrypt-devel - Development libraries and headers for libmcrypt… more info»

README.key

Mcrypt 2.1 was insecure (vulnerable to brute force attack for weak keys)
because it just used the plainkey as it was given by the user as algorithm's
key. The solution seems to be a function which tranforms the
key given by the user to a real -random looking- key.
There are many functions that may convert a password or a passphrase to
a key. Most of them use hash algorithms. You can find some implementations
at the libmhash package at: http://mhash.sourceforge.net